EXAMINER'S AMENDMENT

An examiner's amendment to the record appears below. Should the changes
and/or additions be unacceptable to applicant, an amendment may be filed as provided
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Ted Liu on 6/25/2010. 

1. A system for single security administration comprising: 

a first application server of a transactional server type, which is configured to execute 
transaction processes including receiving transactional procedure calls from clients to initiate 
the transaction processes, wherein the first application server includes 

an access control list which defines user security information for use in 
authorizing the calls from clients, and 

a Lightweight Directory Access Protocol (LDAP) authentication server plugin 
which is configured to forward the transactional procedure calls from clients to another 
application server for authorization; 

a second application server of a non-transactional server type, which is configured to 
administer security for the first application server, wherein the second application server 
includes 

a user profile database which includes security information for a plurality of 
users, including for each of the users a mapping of security credentials for that user 
between the transactional server type and the non-transactional server type, and 



Application/Control Number: 10/731,371 
Art Unit: 2439 






an embedded LDAP server which is configured to receive and process the 
transactional procedure calls from the LDAP authentication server plugin; and 
wherein, when a transactional procedure call to initiate a transaction is received from a 
client at the first application server, the LDAP authentication server plugin 

identifies the user associated with the transactional procedure call, 
determines that the second application server should authenticate the user, 
initiates an LDAP session between the first application server and the second 
application server, 

determines a third application server of a non-transactional server type that 
stores user and group information for the user, when the second application server fails, 

initiates an LDAP session between the first application server and the third 
application server, and 

forwards the transactional procedure call to [[the]] an embedded LDAP server in 
the third application server,

wherein, upon receiving the transactional procedure call from the LDAP authentication 
server plugin, the embedded LDAP server 

processes the transactional procedure call, 

determines a corresponding user information from the user profile database, and 
returns the corresponding user information to the LDAP authentication server 

plugin, 

and wherein, after receiving from the embedded LDAP server a corresponding user 
information as determined by the user profile database at the second application server, the 
LDAP authentication server plugin 

creates a token reflecting an authentication result based on the corresponding 

user security information, which is subsequently used to authenticate the client to 

participate in the transaction. 



13. A method for providing single security administration comprising the steps of: 

providing a first application server of a transactional server type, which is configured to 
execute transaction processes including receiving transactional procedure calls from clients to
initiate the transaction processes, wherein the first server includes 

an access control list which defines user security information for use in 
authorizing the calls from clients, and 

a Lightweight Directory Access Protocol (LDAP) authentication server plugin 
which is configured to forward the transactional procedure calls from clients to another 
application server for authorization; 

providing a second application server of a non-transactional server type, which is 
configured to administer security for the first application server, wherein the second application 
server includes 

a user profile database which includes security information for a plurality of 
users, including for each of the users a mapping of security credentials for that user 
between the transactional server type and the non-transactional server type, and 

an embedded LDAP server which is configured to receive and process the 
transactional procedure calls from the LDAP authentication server plugin; 
receiving a transactional procedure call to initiate a transaction from a client at the first 
application server; 

performing, via the LDAP authentication server plugin, the steps of 

identifying the user associated with the transactional procedure call, 
determining that the second application server should authenticate the user, 
initiating a LDAP session between the first application server and the second 
application server, 

determining a third application server of a non-transactional server type that 
stores user and group information for the user, when the second application server fails,

initiating an LDAP session between the first application server and the third 
application server, and 

forwarding the transactional procedure call to [[the]] an embedded LDAP server 
in the third application server ; 

receiving the transactional procedure call from the LDAP authentication server plugin at 
the embedded LDAP server; 

performing, via the embedded LDAP server, the steps of 
processing the transactional procedure call,
determining a corresponding user information from the user profile database, and
returning the corresponding user information to the LDAP authentication server

plugin; 

receiving from the embedded LDAP server a corresponding user information as
determined by the user profile database at the second application server; and

creating, via the LDAP authentication server plugin, a token reflecting an authentication 
result based on the corresponding user security information, which is subsequently used to 
authenticate the client to participate in the transaction. 



60. A non-transitory machine readable storage medium having instructions embedded
thereon and performing the following functions when executed by a processor: 

providing a first application server of a transactional server type, which is configured to 
execute transaction processes including receiving transactional procedure calls from clients to 
initiate the transaction processes, wherein the first server includes 

an access control list which defines user security information for use in 

authorizing the calls from clients, and 

a Lightweight Directory Access Protocol (LDAP) authentication server plugin 

which is configured to forward the transactional procedure calls from clients to another 

application server for authorization; 

providing a second application server of a non-transactional server type, which is 
configured to administer security for the first application server, wherein the second application 
server includes 

a user profile database which includes security information for a plurality of 
users, including for each of the users a mapping of security credentials for that user 
between the transactional server type and the non-transactional server type, and 

an embedded LDAP server which is configured to receive and process the 
transactional procedure calls from the LDAP authentication server plugin; 
receiving a transactional procedure call to initiate a transaction from a client at the first 
application server; and 

performing, via the LDAP authentication server plugin, the steps of 
identifying the user associated with the call,

determining that the second application server should authenticate the user, 
initiating a LDAP session between the first application server and the second 
application server, 

determining a third application server of a non-transactional server type that 
stores user and group information for the user, when the second application server fails, 

initiating an LDAP session between the first application server and the third 
application server, and 

Allowable Subject Matter 

Claims 1, 3, 7-11, 13-14, 16, 20-24, 52-53, 55, 60, 63-65 are allowed. 

Fisher and Fictner, taken alone or in combination, do not teach: a first application 
server of a transactional server type, which is configured to execute transaction 
processes including receiving transactional procedure calls from clients to initiate the
transaction processes, wherein the first application server includes 

an access control list which defines user security information for use in 

authorizing the calls from clients, and 

a Lightweight Directory Access Protocol (LDAP) authentication server 

plugin which is configured to forward the transactional procedure calls from 

clients to another application server for authorization; 

a second application server of a non-transactional server type, which is
configured to administer security for the first application server, wherein the second 
application server includes 

a user profile database which includes security information for a plurality 
of users, including for each of the users a mapping of security credentials for that
user between the transactional server type and the non-transactional server type, 
and 

an embedded LDAP server which is configured to receive and process the 
transactional procedure calls from the LDAP authentication server plugin; and 
wherein, when a transactional procedure call to initiate a transaction is received 
from a client at the first application server, the LDAP authentication server plugin 
identifies the user associated with the transactional procedure call, 
determines that the second application server should authenticate the 

user, 

initiates an LDAP session between the first application server and the 
second application server, 

determines a third application server of a non-transactional server type 
that stores user and group information for the user, when the second application 
server fails, 

initiates an LDAP session between the first application server and the third 
application server, and

forwards the transactional procedure call to [[the]] an embedded LDAP 
server in the third application server, 

wherein, upon receiving the transactional procedure call from the LDAP 
authentication server plugin, the embedded LDAP server 
processes the transactional procedure call,
determines a corresponding user information from the user profile
database, and 

returns the corresponding user information to the LDAP authentication
server plugin, 

and wherein, after receiving from the embedded LDAP server a corresponding 
user information as determined by the user profile database at the second application 
server, the LDAP authentication server plugin 

creates a token reflecting an authentication result based on the 

corresponding user security information, which is subsequently used to 

authenticate the client to participate in the transaction. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to HARRIS C. WANG whose telephone number is 
(571)270-1462. The examiner can normally be reached on M-F 9-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, EDAN ORGAD can be reached on (571) 272-7884. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Christian LaForgia/ 

Primary Examiner, Art Unit 2439 

/Harris C Wang/ 
Examiner, Art Unit 2439 



